Hi,
Ok, so disallowing LOGIN is not a clever move :-)
Thanks for your answers!
MJ
On 09/02/2017 08:32 AM, Patrick Ben Koetter wrote:
* postfix <post...@ayni.com>:
On 09/01/2017 04:25 PM, mj wrote:
Just a small question: we currently use posfix with sasl authentication,
and folowing many docs, we have enabled PLAIN and LOGIN authentication.
However, googling leads me to believe that LOGIN is mostly used by
Outlook Express, and that most (or all?) modern clients support the
PLAIN mechanism.
I also noticed that most failed authentication attempts are done using
LOGIN.
Now, assuming that most of these failed authentications are simply
username/password guessing... how many problems would I expect, if I
simply only offer PLAIN mechanism?
It's hard to find info on what clients use what auth type. So, are
all/most modern clients capable of doing PLAIN? (thunderbird, outlook
2010/2013) so could I simply disallow LOGIN?
Thunderbird:
PLAIN, DIGEST-MD5
Outlook 20**:
LOGIN, NTLM
As far as I know, outlook does only LOGIN, even: because of outlook the
LOGIN mechanism was introduced.
That is correct.
p@rick
